Page MenuHome GnuPG
Differential D485

gpg: add the --delete-secret-subkeys command
AbandonedPublic
Actions

Authored by matheusmoreira on May 4 2019, 10:17 PM.

Details

Reviewers
None
Maniphest Tasks
T4544: More prompts before key deletion
T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested)
Commits
rKLEOPATRA5e9d402be380: Yet another place with deprecated API
Summary
  • g10/gpg.c (cmd_and_opt_values): Add delete-secret-subkeys command.

(opts): Add delete-secret-subkeys argparse option.
(main): Parse and invoke the delete-secret-subkeys command.

  • g10/main.h (delete_keys): Add subkeys_only parameter.
  • g10/delkey.c (delete_keys): Likewise.

(do_delete_key): Skip primary keys if subkeys_only is true.

  • po/pt.po: Translate delete-secret-subkeys command description.
  • doc/gpg.texi: Document the delete-secret-subkeys command.

The new delete-secret-subkeys command is a safer variant of the existing
delete-secret-keys command. It skips primary keys during the deletion
process, preventing accidental deletion of the user's primary key
even if an exact key description for the primary key is provided.

Signed-off-by: Matheus Afonso Martins Moreira <matheus.a.m.moreira@gmail.com>

Test Plan

Given a temporary gpg home with one primary and multiple subordinate keys:

$ agent/gpg-agent --daemon --homedir $XDG_RUNTIME_DIR/gnupg-git

$ g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git --batch --passphrase '' --default-new-key-algo rsa1024/cert --quick-gen-key test
$ PRIMARY=$(g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git -K --with-colons | awk -F: '/fpr/ { print $10 }' | head -1)

$ g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git --batch --passphrase '' --quick-add-key $PRIMARY rsa1024 sign
$ SIGN=$(g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git -K --with-subkey-fingerprint --with-colons | awk -F : '/fpr/ { print $10 }' | tail -1)

$ g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git --batch --passphrase '' --quick-add-key $PRIMARY rsa1024 encr
$ g10/gpg --homedir $XDG_RUNTIME_DIR/gnupg-git --batch --passphrase '' --quick-add-key $PRIMARY rsa1024 auth
  1. --delete-secret-subkeys $PRIMARY should delete all subkeys and leave the primary key intact.
  2. --delete-secret-subkeys $PRIMARY! should not delete any keys.
  3. --delete-secret-subkeys $SIGN should delete all subkeys and leave the primary key intact.
  4. --delete-secret-subkeys $SIGN! should delete only the signing subkey and leave the primary key and other subkeys intact.

Diff Detail

Repository
rG GnuPG
Lint
Lint Skipped
Unit
Unit Tests Skipped

Event Timeline

matheusmoreira created this revision.May 4 2019, 10:17 PM
matheusmoreira added a parent revision: D482: gpg: confirm again before deleting primary key.
matheusmoreira added a child revision: D486: po: add portuguese description for new command.May 4 2019, 10:22 PM
matheusmoreira added a task: T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested).
matheusmoreira added a child revision: D487: gpg: don't delete any keys if --dry-run is passed.May 8 2019, 11:49 PM
matheusmoreira updated this revision to Diff 1381.May 22 2019, 2:20 AM

Rebased on top of master: 4c7d63cd5b02

matheusmoreira removed a child revision: D487: gpg: don't delete any keys if --dry-run is passed.May 22 2019, 2:38 AM
matheusmoreira added a child revision: D488: gpg: add the --delete-secret-key-stubs command.
matheusmoreira added a task: T4544: More prompts before key deletion.May 28 2019, 5:39 PM
matheusmoreira mentioned this in D486: po: add portuguese description for new command.May 28 2019, 5:42 PM
matheusmoreira updated this revision to Diff 1395.May 28 2019, 5:50 PM
matheusmoreira retitled this revision from gpg: introduce the --delete-secret-subkeys command to gpg: add the --delete-secret-subkeys command.
matheusmoreira edited the summary of this revision. (Show Details)
matheusmoreira added a parent revision: D480: gpg: factor out secret key deletion function.May 28 2019, 5:57 PM
matheusmoreira removed a parent revision: D482: gpg: confirm again before deleting primary key.
matheusmoreira removed a child revision: D486: po: add portuguese description for new command.
matheusmoreira updated this revision to Diff 1399.May 29 2019, 10:03 AM
matheusmoreira edited the summary of this revision. (Show Details)

Add documentation.

matheusmoreira edited the summary of this revision. (Show Details)May 29 2019, 10:09 AM
matheusmoreira abandoned this revision.Jun 6 2019, 3:24 AM

New commands can't be introduced.

Fred23 added a commit: rKLEOPATRA5e9d402be380: Yet another place with deprecated API.Jun 20 2021, 6:09 PM

Revision Contents
Changeset List

PathSize
doc/
13 lines
g10/
14 lines
10 lines
2 lines
po/
3 lines

Diff 1399

View Options

doc/gpg.texi

Loading...
View Options

g10/delkey.c

Loading...
View Options

g10/gpg.c

Loading...
View Options

g10/main.h

Loading...
View Options

po/pt.po

Loading...